From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58894)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4rnR-0007Jk-Ss
	for guix-patches@gnu.org; Sun, 30 Apr 2017 12:34:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4rnO-0001LL-QN
	for guix-patches@gnu.org; Sun, 30 Apr 2017 12:34:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:49765)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1d4rnO-0001LF-N6
	for guix-patches@gnu.org; Sun, 30 Apr 2017 12:34:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4rnO-0003TF-Hs
	for guix-patches@gnu.org; Sun, 30 Apr 2017 12:34:02 -0400
Subject: bug#26717: [PATCH] gnu: gitolite: Avoid references to the store in
	authorized_keys.
References: <87wpa1q2po.fsf@lassieur.org>
In-Reply-To: <87wpa1q2po.fsf@lassieur.org>
Resent-Message-ID: <handler.26717.B26717.149356999913289@debbugs.gnu.org>
From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
Date: Sun, 30 Apr 2017 18:32:44 +0200
Message-Id: <20170430163244.2830-1-clement@lassieur.org>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 26717@debbugs.gnu.org

* gnu/packages/version-control.scm (gitolite)[arguments]: Substitute
'$glshell' with 'gitolite-shell' in ssh-authkeys.
---
 gnu/packages/version-control.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index e0770dc58..1cad0f285 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -628,7 +628,13 @@ also walk each side of a merge and test those changes individually.")
                         ;; invokes Perl.
                         (substitute* (find-files "." ".*")
                           ((" perl -")
-                           (string-append " " perl " -"))))))
+                           (string-append " " perl " -")))
+
+                        ;; Avoid references to the store in authorized_keys.
+                        ;; This works because gitolite-shell is in the PATH.
+                        (substitute* "src/triggers/post-compile/ssh-authkeys"
+                          (("\\$glshell \\$user")
+                           "gitolite-shell $user")))))
                   (replace 'install
                     (lambda* (#:key outputs #:allow-other-keys)
                       (let* ((output (assoc-ref outputs "out"))
-- 
2.12.2